Vulnerability Description
GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Artonx.Org | Activescriptruby | <= 1.0.8.8 |
Related Weaknesses (CWE)
References
- http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-list/47170
- http://jvn.jp/en/jp/JVN33283707/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2012-000031
- http://secunia.com/advisories/48811
- http://www.securityfocus.com/bid/53011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74866
- http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-list/47170
- http://jvn.jp/en/jp/JVN33283707/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2012-000031
- http://secunia.com/advisories/48811
- http://www.securityfocus.com/bid/53011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74866
FAQ
What is CVE-2012-1241?
CVE-2012-1241 is a vulnerability with a CVSS score of 7.5 (HIGH). GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbi...
How severe is CVE-2012-1241?
CVE-2012-1241 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1241?
Check the references section above for vendor advisories and patch information. Affected products include: Artonx.Org Activescriptruby.